 <?php
session_start();
include("misc.inc");

		$username = $_REQUEST['username'];
		$password = $_REQUEST['password']; 

		$cxn = mysqli_connect($host,$user,$passwd,$dbname)
			or die("Query died: connect");

			
		$sql = "SELECT loginName FROM Member
			WHERE loginName='$_POST[username]'";		
		$result = mysqli_query($cxn,$sql)
			or die("Query died: username");			
		$num = mysqli_num_rows($result);
		//login name was found
		if($num > 0) 
		{
					
			$sql = "SELECT loginName FROM Member
					WHERE loginName='$_POST[username]'
					AND password='$_POST[password]'";
			$result2 = mysqli_query($cxn,$sql)
				or die ("Query died: password");
			$num2 = mysqli_num_rows($result2);
			if($num2 > 0) // password matches
			{
				$_SESSION['auth']="yes";
				$_SESSION['logname'] = $_POST['username'];

				header('Location: ChooseGroceryCat.php');
			} else {
			echo ("<p>Login failed</p><p><a href='Login.php'>Go back</a></p>");
			exit();
			}
		} else {
			echo ("<p>Login failed</p><p><a href='Login.php'>Go back</a></p>");
			exit();
		}
?>